From 285b6aad1aee686b6677817cef71fa31af3bb073 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mamy=20Andr=C3=A9-Ratsimbazafy?=
Date: Sun, 16 Feb 2020 22:18:22 +0100
Subject: [PATCH] Add cmov according to Milagro / hash_to_curve spec

---
 constantine/math/bigints_raw.nim | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/constantine/math/bigints_raw.nim b/constantine/math/bigints_raw.nim
index 1adaff8..6d4e2b3 100644
--- a/constantine/math/bigints_raw.nim
+++ b/constantine/math/bigints_raw.nim
@@ -217,6 +217,16 @@ func setZero*(a: BigIntViewMut) =
   ## It's bit size is unchanged
   zeroMem(a[0].unsafeAddr, a.numLimbs() * sizeof(Word))
 
+
+func cmov*(a: BigIntViewMut, b: BigIntViewAny, ctl: CTBool[Word]) =
+  ## Constant-time conditional copy
+  ## If ctl is true: b is copied into a
+  ## if ctl is false: b is not copied and a is untouched
+  ## Time and memory accesses are the same whether a copy occurs or not
+  checkMatchingBitlengths(a, b)
+  for i in 0 ..< a.numLimbs():
+    a[i] = ctl.mux(b[i], a[i])
+
 # The arithmetic primitives all accept a control input that indicates
 # if it is a placebo operation. It stills performs the
 # same memory accesses to be side-channel attack resistant.
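Review bot: The "Time and memory accesses are the same" guarantee in cmov's doc comment is not established by anything in this hunk: it holds only if `CTBool.mux` is a branchless select and `ctl` is a canonical CTBool mask, neither of which is visible here, so the docstring should say the property is inherited rather than asserted, e.g. `## Constant-time only insofar as CTBool.mux is branchless; ctl must be a well-formed CTBool mask`. The line "If ctl is true: b is copied into a" also presumes `mux(x, y)` yields `x` when the control is set; since inverting that convention would silently swap the copy direction, a one-line test pinning `cmov` with ctl set and ctl clear would protect the spec-mandated behaviour the commit message cites. As a point of placement, the function lands just before the comment block explaining that primitives take a control input for placebo operations; moving cmov below that block would let the existing explanation cover it.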